Growth of Machine-to-Machine (“M2M”) Communications.
M2M communications are messages or notifications between devices which are not specifically initiated by the owner or operator of the device, but may occur for a number of reasons such as routine updates and checks, responses to change in the environment, or user action. It is anticipated that, with the growth of smart devices in use, there will be a simultaneous growth in machine-to-machine transactions per year. Mobile devices or machines with unique identifiers which may be encrypted, obscured, obfuscated or otherwise undiscoverable, and which may or may not be numerical, will have reason to independently reach out to other mobile devices or machines with such identifiers. A secure brokering system would allow the communication to occur while maintaining privacy.
Need for Privacy in M2M.
Presently, subscribers to wireless telephone services expect that their contact information (including their telephone number) will be maintained confidentially. Subscribers do not want to receive unsolicited calls on their mobile or cell phone, for instance, from telemarketers. This fact is recognized by wireless carriers, as mobile or cellular telephone numbers remain unpublished, for the most part. However, machines other than what we presently think of as telephones will have identifiers similar to cellular telephone numbers, which will be used to communicate with other such devices. More of these machines will be consumer machines, for example refrigerators, and, as with their cell phones, consumers will demand privacy and, in particular, the ability to receive desired messages while avoiding unsolicited commercial or malicious messages being sent to the devices they own. Companies will also wish to protect the addresses of machines in order to reduce the chance of attack or accidental damage.
Presently, for one machine to connect to another it must know either a physical address, such as the IP address or telephone number, or an assigned name for a machine, such as a domain name, which would in turn reveal the IP address. In the case of systems with only a physical address, the management and storage of these physical addresses across all machines that need to know the particular addresses results in a heavy workload for these machines.
Where a Name System exists (e.g., the internet Domain Name System, which associates an IP address with an easier-to-remember name such as “www.stamps.com”), the problem is simplified somewhat by making it possible to change the physical machine or the physical address to which the name directs. In both cases, however, it is necessary to deal with updating each connecting device with names that change, and the distribution of these names to third parties continues to be a significant burden. Furthermore, identifying devices even by a domain name address can render the device, and other devices along the same domain name, vulnerable to attack. Accordingly, a secure system using a broker which can identify destination machines by characteristics such as ownership or location, rather than by name, is desirable.
Presently, machines decide to accept or reject connections based on the origin machine knowing a secret, e.g., a passphrase or key. However, secrets must be distributed in advance and revoked in case of a breach. Prior art systems also can infer the legitimacy of the connection based on its apparent network identifier. However, apparent network identifiers can be fraudulently generated, as keys and certificates can be copied. Accordingly, a system using a broker to vouch for the legitimacy of the connection at the time of the connection, rather than at some prior time when creating something such as a certificate or a key, would be desirable.